Social media platform Twitter, earlier today on Wednesday, was on fire after it suffered one of the biggest cyberattacks in its history.
A number of high-profile Twitter accounts, including those of US presidential candidate Joe Biden, Amazon CEO Jeff Bezos, Bill Gates, Elon Musk, Uber, and Apple, were breached simultaneously in what’s a far-reaching hacking campaign carried out to promote a cryptocurrency scam.
The broadly targeted hack posted similar worded messages urging millions of followers to send money to a specific bitcoin wallet address in return for larger payback.
“Everyone is asking me to give back, and now is the time,” a tweet from Mr Gates’ account said. “You send $1,000, I send you back $2,000.”
Twitter termed the security incident as a “coordinated social engineering attack” against its employees who access its internal tools.
As of writing, the scammers behind the operation have amassed nearly $120,000 in bitcoins, suggesting that unsuspecting users have indeed fallen for the fraudulent scheme.
“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools,” the company said in a series of tweets.
“Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing.”
— The Hacker News (@TheHackersNews) July 15, 2020
It’s not immediately clear who was behind the attack, or the attackers could have had access to direct messages sent to or from the affected accounts.
The attack appears to have been initially directed against cryptocurrency-focused accounts, such as Bitcoin, Ripple, CoinDesk, Gemini, Coinbase and Binance, all of which were hacked with the same message:
“We have partnered with CryptoForHealth and are giving back 5000 BTC to the community,” followed by a link to a phishing website that has since been taken down.
Following the tweets, the accounts for Apple, Uber, Mike Bloomberg, and Tesla and SpaceX CEO Elon Musk all posted tweets soliciting bitcoins using the exact same Bitcoin address as the one included on the CryptoForHealth website.
Although the tweets from the compromised accounts have been deleted, Twitter took the extraordinary step of temporarily stopping many verified accounts marked with blue ticks from tweeting altogether.
Account hijacks on Twitter have happened before, but this is the first time it’s happened at such an unprecedented scale on the social network, leading to speculations that hackers grabbed control of a Twitter employee’s administrative access to “take over a prominent account and tweet on their behalf” without knowing their passwords or two-factor authentication codes.
Security researchers also found that the attackers had not only taken over the victims’ accounts, but also changed the email address associated with the account to make it harder for the real user to regain access.
Last year, Twitter chief executive Jack Dorsey’s account was hacked in a SIM swapping attack, allowing an unauthorized third-party to post tweets via text messages from the phone number. Following the incident, Twitter discontinued the feature to send tweets via SMS earlier this year in most countries.
Given the widespread scope of the campaign, the damage could have been far more catastrophic. But the motive of the adversaries seems to all but indicate this was a quick money-making scam.
“The accounts appear to have been compromised in order to perpetuate cryptocurrency fraud,” the FBI’s San Francisco field office said in a statement. “We advise the public not to fall victim to this scam by sending cryptocurrency or money in relation to this incident.”